Ongoing Mirai Botnet Campaign Targeting Industrial Routers

Published on 10 Jan 2025

There are reports of an ongoing Mirai-based botnet campaign targeting security flaws in industrial routers and smart home devices by leveraging zero-day exploits. The campaign's primary objective is to execute Distributed Denial-of-Service (DDoS) attacks on internet-exposed targets for profit. The malware utilises a combination of public and private exploits to spread across internet-exposed devices by exploiting vulnerabilities. Its primary targets include Digital Video Recorders (DVRs), industrial and home routers, and smart home devices. The following categories of devices are known to be targeted:

  • ASUS routers
  • Huawei routers
  • Neterbit routers
  • LB-Link routers
  • Four-Faith Industrial Routers
  • PZT cameras
  • Kguard DVR
  • Lilin DVR
  • Generic DVRs
  • Vimar smart home devices
  • Various 5G/LTE devices

Patching your vulnerable internet-connected devices is critical to ensure the security of your system or network. It helps to protect the data within and ensure that the internet-connected device does not inadvertently become part of a malicious botnet used to attack other devices.

Users and administrators should take the following steps to safeguard yourselves:

  • Check for software updates regularly and install them promptly
  • Turn off remote access to your Internet-connected devices such as cameras and printers, where possible
  • Change default credential(s) to include a mix of uppercase and lowercase letters, numbers, and symbols of at least 12 characters
  • Scan your network for possible gaps in security

For more information on how to protect your router from hackers, read the advisory here

References:

https://www.infosecurity-magazine.com/news/mirai-botnet-zerodays-routers/

https://www.bleepingcomputer.com/news/security/new-mirai-botnet-targets-industrial-routers-with-zero-day-exploits/